Vulnerabilities in WeWork’s WiFi network have been discovered which expose sensitive data of the companies in the building.

This was initially discovered by a tenant who wanted to make sure that his organization’s data was not exposed.

What happened?

Temmu Airamo, a tenant in WeWork’s workspace shared the building with around 200 companies.

In 2015, his organization was working with sensitive documents. To ensure that there were no security concerns, he scanned the network and found financial records and devices belonging to other companies.

Airamo routinely runs WiFi scans and says that nothing has changed in four years, despite multiple attempts to contact the WeWork management.

It was also discovered that multiple workspaces belonging to WeWork use the same password for WiFi networks. These passwords were found to be easy to guess as well.

More details

The building houses multiple financial and legal firms that operate with a lot of sensitive data. This vulnerability has also been found to affect companies that do not have offices in any of WeWork’s workspace but work with an organization in the building.

Data belonging to two loan companies were found on the network. These companies do not have their offices in California or New York, the places where WeWork workspaces are present.

An insurance company, Axa XL, was also affected by this vulnerability. It is speculated that the leak was because of working with a startup in the WeWork workspace.

“We have a rigorous vendor management program in place that includes vetting cybersecurity protocols. Effective cyber security requires continuous improvements and we are reviewing this matter,” said Axa XL in a statement.

Staying secure

Airamo started using VPNs after discovering the security vulnerabilities in the WiFi.

Soon he noticed that VPNs were slowing down the internet speed, especially because his company had to stream songs and music videos for work.

He then customized a Raspberry Pi for routing all the network traffic. He has also published a white paper on this.

WeWork provides additional security that prevents devices on the same network from seeing each others’ activity at an additional cost.